Enterprise PKI Status Codes

11/17/2009

2 minutes to read

In this article

Applies To: Windows Server 2008 R2

The Enterprise PKI snap-in provides a view of the status of the certification authorities (CAs) and Online Responders in one or more public key infrastructures (PKIs). In addition, the Enterprise PKI snap-in can be used to verify the validity and accessibility of authority information access locations and certificate revocation list (CRL) distribution points.

For each CA selected, the Enterprise PKI snap-in indicates one of the CA health states listed in the following table.

Indicator

CA state

Question mark

CA health state evaluation

Green indicator

CA has no problems

Yellow indicator

CA has one or more non-critical problems

Red indicator

CA has one or more critical problems

Red cross over CA icon

CA is offline

If your environment includes one or more Online Responders, the Enterprise PKI snap-in can be used to monitor the status of these components. The indicators and health states in the following table apply to Online Responders.

For problems relating to the Online Responder, use the Online Responder snap-in to further diagnose and resolve the problem. For problems relating to CAs, CRL distribution points, and authority information access locations, use the Certification Authority snap-in to further diagnose and resolve the problem. In addition, check the Event log on the computers hosting the Active Directory Certificate Services (AD CS) role services for additional troubleshooting information that can help you identify and resolve any problems. For more information about troubleshooting CA, Online Responder, certificate validation, and revocation checking problems, see Active Directory Certificate Services (http://go.microsoft.com/fwlink/?LinkId=89215).